Welcome to Last Week in Privacy! Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.

  1. Egypt’s parliament has approved a new draft data protection law. The legislation seeks to complement certain constitutional privacy protections after lawmakers recognized that current Egyptian laws do not regulate personal data despite advances in technology. According to lawmakers, the bill is a result of several hearings with more than twenty-five different international companies operating in Egypt, including Google, Facebook and Amazon, as well as over thirteen hundred local companies, and is heavily influenced by the EU General Data Protection Regulation.
  2. The Malaysian government has reported that it is in the middle of reviewing its Personal Data Protection Act of 2010 for any needed updates, in an effort to align it with new technological developments and to help streamline international requirements on data protection. According to government officials, there is no current time frame for these updates to be made, but there is a strong push to propose either amendments or an entirely new law to the Malaysian parliament sometime this year.
  3. The District of Columbia’s Attorney General has shared a proposal for expanding the city’s data breach notification law and the enforcement powers of the attorney general’s office. Specifically, the proposed Security Breach Protection Amendment Act would increase the scope of D.C.’s breach notification requirements to also cover taxpayer ID numbers, genetic information and DNA profiles, military identification data and more, and would require companies that handle personal information to maintain security safeguards against unauthorized access or use of personal data. Additionally, the Act would require companies to notify the D.C. Attorney General’s office of any personal data breach and would give the office new enforcement powers.
  4. The Dutch data protection authority has published guidelines on improving the registration of data breaches, as part of a report on its audit of incident and breach inventories at government institutions. The audit concluded that only sixty percent of the inventories contained the required elements under the GDPR. The DPA concluded that the top three categories of incidents reported were (1) misdirected letters, faxes or e-mails, (2) unintended or unauthorized access to personal data, and (3) loss of documents or data media (phones, laptops, tablets). The guidelines also include ten tips from the DPA on good documentation practices for personal data breaches.

That’s all for today. Thanks for watching Last Week in Privacy, helping you to prepare for this week in privacy. See you next time.